SOC 1 vs. SOC 2 - Overview SOC 1 audit is focused on specific internal controls related to financial reporting. Each audit is unique to the controls tested for that entity. SOC 1 audits ensure that a service organization has done its due diligence when it comes to the effects their service has on their customer’s financial reporting. SOC 2 audit is focused on information and IT security identified by any of 5 trust services categories: security, confidentiality, information privacy, processing integrity and availability. SOC 2 audits ensure that a service organization’s people, infrastructure, software, data-handling, and procedures are
prepared to handle their customer’s information and data and protect it accordingly. Type 1 reports are as of a specific date; Type 2 reports are for a period of time.
16
Made with FlippingBook Digital Proposal Creator